WSUS 3.0 SP2 Beta Program now available on Microsoft Connect!

I am very pleased to announce that WSUS 3.0 SP2 Beta is available today, January 26, via the Connect Site. All you have to do is sign in to your Connect account or sign up now in order to participate in the Beta program.

WSUS 3.0 SP2 Beta Overview

New Windows Server and Client Version Support

· Integration with Windows Server® 2008 R2

· Support for Windows 7® client

· Support for the BranchCache feature on Windows Server® 2008 R2

WSUS Beta Feature Improvements and Fixes

Auto-Approval Rules

· New functionality lets you specify the approval deadline date and time.

· You can now apply a rule to all computers or to specific computer groups.

Update Files and Languages

· This release provides improved handling of language selection on downstream servers. A new warning dialog appears when you download updates only for specified languages.

Cross-Version Compatibility

· The user interface is compatible between Service Pack 1 and Service Pack 2 for WSUS 3.0 on both the client and the server.

Software Updates

· Stability and reliability fixes for the WSUS server, such as support for IPV6 addresses greater than 40 characters.

· The approval dialog now sorts computer groups alphabetically by group name.

Probably not addressed in SP2 but maybe for a future release (as I don’t think SP1 is capable):

The ability to import a Microsoft non-security update into WSUS. I know you can bring them in from the Windows Catalog but not all updates are there (such as KB950582 for Windows XP/2003) at last check.

I only use driver Updates over WSUS in special cases if they are really needed. It should be possible to have an overview what drivers WSUS has to offer without thousand of useless entries (which cannot even distinguished because they have the exact same description).

Oh, and a second thing. Please extend the Command Line Tool, so i can script ALL Tasks that the "Server Cleanup Wizard" has to offer. Thanks.

As of now we have some views to show download progress of updates and must run net stop WsusService when have to install updates for SQL Server instance on which WSUS Service resides. Of course main part of work is done in management console.

"The approval dialog now sorts computer groups alphabetically by group name." FINALLY! The random sorting of this dialog was bugged during the beta and not resolved, so great to see this finally make it into SP2.

Wow – we cutover from SUS 2.x to WSUS 3.x (only for the upcoming end of support for ver 2) and there are numerous enhancements that I have to recommend in order to streamline administration.

First and foremost – we have a process in place where we log our update pushes to a public tech support calendar in Exchange. This gives us a reference point should there be a conflict with a recent update (this has happened, although not often). There is no way to copy the text of the update and the update title itself within the WSUS console as you could in the previous version of SUS.

Second – I ran a report in WSUS to search on machines that failed or needed to install a patch. I selected the patch from the report and it lists the number of machines that failed to install or needed the patch but you cannot drill down into the report!

Third – You cannot filter the report to only include a specific update. There’s no option to do this. You have to sift through the list of updates from the "Updates" tree, highlight the specific update and click "Status Report."

Fourth – "In Options | Products and Classifications" I have selected only Windows XP and Windows 2000 as the OS to download patches for. Instead, I’m downloading an update list that includes Windows Vista, Windows 2003 Server, XP 64-bit etc. What is this?

Fifth – I have defined a "Test" group via GPO. Although WSUS seems to have discovered this group (maybe throught the 2.x to 3.x upgrade?) the machines are not automatically moved into this group. I had to move them manually.

Sixth – There is no option to force a synchronization to all downstream servers. I had a patch that I needed to deploy immediately and had to console to all 40+ WSUS servers to force synchronization. Very cumbersome when your setup is a multi-tiered WSUS sync design.

Aparantly MS just released what you want TODAY! Check out MS Security Advisory 967940 and KB967715. This contains the same update as KB950582 but is distributable via WSUS for 2000, 2003 and XP.

@WSUS Team

A couple small gripes/requests:

1) WSUS rounds statistics. It often shows an update as being 100% installed when in reality it is only ~98.8% installed.

2) It really would be useful to be able to distinguish between "installed" and "not applicable". I only have a handful of 2003 machines in my environment. It’s really annoying to have a new 2003 update come out and show as 95% installed, when it is really 0% installed on the computers it actually applies to.

3) There needs to be another option besides "decline" for updates I don’t want to install right away. Maybe something like a "snooze" option. I don’t want to decline them, but I also don’t want them to show as "needed" in the computer statistics until they are actually approved.

1) there should be a seperation at syncing, for dowloading Updates for a special Platform. (x86, x64, ia64)

Because if a only have x64 servers, all updates for x86 and ia64 servers are not relevant for me, but now they show up and there is now way to filter sync.

Maybe there shoult be a new filter option for platform. This would be great.

1) Is there any way to make usefull "New Update View", where i can only see updates filtered by Platform (x86, x64, ia64, all)

because if i have a mixed W2003 environment (x86/ x64), i want to have to seperate views for this.

2) Also at the "Computer Group" view there you can not define a distinction between Platforms.

If you have lets say 300 servers, it would be fine to get this seperation.

3) Like someone above mentioned, it would be great, if you can say something like "not needed in my org" for an update, and that such updates will not show up any more as needed updates. But there must be the possibility to change this later in time again.

4) A seperation between "installed" and "not appicable" is realy necessary in the reports

5) And last but not least can you implemt a way like "Aplly to all views" and "apply to all computer groups" with the option to select the updtae view or computer group to aply the settings on it.

If you select weekly, there is no options to select the day of the week!

C’mon guys – to me WSUS 3.x is looking really sloppy and appears to be written by folks that have never even run this stuff in the "real world."

The single most bothersome aspect of WSUS 3.x is the fact that I have deselected e.g. "Vista" for products and classifications yet I still see these updates in my Updates view. What a pain to sift through this stuff!

I would recommend that ver 2.x support be extended indefinitely until an administratively streamlined ver 4.x is released. 3.x is definitely a step back.

Thanks, I’m glad to see an update. Please fix the needed / not approved problem. I really do not need to know that an unnapproved patch is needed. I think there are many people out there requesting this feature.

I cannot believe this one (well, maybe I can at this point…) – I ran a status report on a computer that is showing "Updates with errors" and I can’t drill down into the report to see exactly which update is failing!

As to avoid the running off of excess renovations. In me server English, but working stations Russians, with respect to me are not necessary Russian renovations for the servers and English for the working stations.

I wish they would add the ability for deadlines to not autoreboot systems. I can see how autorebooting will help in some situtations, but this kills you if you cannot just reboot systems in the middle of the day on users. I would love to see some integration into the console to right click on an object or group and select patch now, or reboot now, or repair automatic updates (for datastore issues or dll’s not regsitered.)

Also, automatic sorting would be nice, example a rule that says if computer name start with then move to, or if OS is then move to. I know you can do it with gpo, but then you loose the ability to move a computer for testing to a container and you also have to create way more gpo’s to acomplish this.

SSL can be a pain to setup also, a Wizard automated this would be nice.

Oh, and I totally agree with the comments about filtering patches on computer checkin date and not showing needed patches for servers that are only approved for workstations. Being able to decline for a container would fix that.

Probably not addressed in SP2 but maybe for a future release (as I don’t think SP1 is capable):

The ability to import a Microsoft non-security update into WSUS. I know you can bring them in from the Windows Catalog but not all updates are there (such as KB950582 for Windows XP/2003) at last check.